用户和角色有什么区别? [英] What is the difference between a user and a role?
问题描述
我知道还有其他相似的线程,但我不确定如果它们与Postgres有关。
I know there are other threads that are similar, but I am not sure if they are relevant to Postgres.
注意:如第20章所述,实际上PostgreSQL确实按照角色赋予
管理特权。在本章中,我们始终使用
数据库用户来表示具有LOGIN特权的角色。
Note: As explained in Chapter 20, PostgreSQL actually does privilege management in terms of "roles". In this chapter, we consistently use database user to mean "role with the LOGIN privilege".
这基本上是指一个角色是数据库用户?还是角色和用户之间有区别?角色是始终拥有完整特权的用户时,用户是否有可能没有完整特权?
Does this basically mean a role is a database user? Or is there a difference between a role and a user? Do users have the potential to not have full privileges while roles are users who always do have full privileges?
推荐答案
Postgres的先前版本以及其他一些数据库系统具有组(被授予对数据库对象的访问权限)和用户(可以登录并是一个或多个组的成员)的独立概念。
Previous versions of Postgres, and some other DB systems, have separate concepts of "groups" (which are granted access to database objects) and "users" (who can login, and are members of one or more groups).
在现代版本的Postgres中,两个概念已合并:角色可以登录,可以继承其他角色(例如用户成为组成员) ,或者一个组是另一个组的成员)。
In modern versions of Postgres, the two concepts have been merged: a "role" can have the ability to login, the ability to "inherit" from other roles (like a user being a member of a group, or a group being a member of another group), and access to database objects.
为方便起见,许多工具和手册都将具有登录权限的任何用户称为用户或登录角色,以及任何不作为组或组角色的用户,因为粗略地保持该结构是有用且常见的做法。这完全是术语的惯例,要了解权限,您只需要了解创建角色和授予他们访问权限。
For convenience, many tools and manuals refer to any user with login permission as a "user" or "login role", and any without as a "group" or "group role", since it is useful and common practice to keep roughly to that structure. This is entirely a convention of terminology, and to understand the permissions, you need only understand the options available when creating roles and granting them access.
为方便起见,Postgres仍然使用旧术语接受命令,例如 创建用户 和 创建组 都是 创建角色 。如果您编写 CREATE USER ,默认情况下, LOGIN 权限将添加到新角色,以模仿旧行为那是一个单独的命令。
Again purely for convenience, Postgres still accepts commands using the old terminology, such as CREATE USER and CREATE GROUP which are both aliases for CREATE ROLE. If you write CREATE USER, the LOGIN permission will be added to the new role by default, to emulate the old behaviour when that was a separate command.
这篇关于用户和角色有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
